Skip to content

Draft: Let's Encrypt Picks Merkle Tree Certificates for Post-Quantum TLS#35

Draft
krakenhavoc wants to merge 1 commit into
mainfrom
claude/confident-tesla-qf85ap
Draft

Draft: Let's Encrypt Picks Merkle Tree Certificates for Post-Quantum TLS#35
krakenhavoc wants to merge 1 commit into
mainfrom
claude/confident-tesla-qf85ap

Conversation

@krakenhavoc

@krakenhavoc krakenhavoc commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Sources

Uniqueness check

Three most recent posts reviewed:

  1. public-ca-eku-separation-june-2026.md (2026-05-27) -- clientAuth EKU removal from public TLS intermediates. No overlap.
  2. sc098v2-caa-rfc8657-mandatory.md (2026-05-20) -- CAA RFC 8657 parameter enforcement. No overlap.
  3. post-quantum-tls-certificate-readiness.md (2026-04-19) -- General PQC migration overview covering ML-DSA algorithm sizes and hybrid certificate strategy. The April post addresses the problem space; this post covers the specific architectural solution (MTC) that Let's Encrypt committed to on June 3. No substantial overlap.

Why this topic this week

Let's Encrypt's June 3 announcement is the first public commitment from a major CA to the MTC architecture. Because Let's Encrypt issues 54% of public TLS certificates, this decision effectively determines whether MTCs become viable across the majority of the encrypted web. The IETF PLANTS draft-04 was revised nine days before the announcement, making this the right moment to document both the protocol mechanics and what ACME operators need to track.

krakenhavoc added a commit that referenced this pull request Jun 30, 2026
- Add public-ca-eku-separation-june-2026.md to src/posts/ tree
- Note upcoming lets-encrypt-merkle-tree-certificates.md (web PR #35, opened 2026-06-24)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant